Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-c5xf-rmv4-j85h

Опубликовано: 06 авг. 2025
Источник: github
Github: Прошло ревью
CVSS4: 2

Описание

Concrete CMS is vulnerable to Stored XSS from Home Folder on Members Dashboard page

Concrete CMS versions 9 through 9.4.2 are vulnerable to Stored XSS from Home Folder on Members Dashboard page.  Version 8 was not affected. A rogue admin could set up a malicious folder containing XSS to which users could be directed upon login.

Ссылки

Пакеты

Наименование

concrete5/concrete5

composer
Затронутые версииВерсия исправления

>= 9.0.0RC1, < 9.4.3

9.4.3

EPSS

Процентиль: 30%
0.00109
Низкий

2 Low

CVSS4

CVE ID

CVE-2025-8573

Дефекты

CWE-20
CWE-79

Связанные уязвимости

nvd логотип

CVE-2025-8573

CVSS3: 4.8
nvd
6 месяцев назад

Concrete CMS versions 9 through 9.4.2 are vulnerable to Stored XSS from Home Folder on Members Dashboard page.  Version 8 was not affected. A rogue admin could set up a malicious folder containing XSS to which users could be directed upon login. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.0 with vector CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N. Thanks sealldev  (Noah Cooper) for reporting via HackerOne.

EPSS

Процентиль: 30%
0.00109
Низкий

2 Low

CVSS4

CVE ID

CVE-2025-8573

Дефекты

CWE-20
CWE-79